Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting specific permission in amazon s3 boto bucket

I have a bucket called 'ben-bucket' inside that bucket I have multiple files. I want to be able to set permissions for each file URL. I'm not too sure but I'm assuming if I wanted URL for each file inside a bucket. My URL would be like this?

https://ben-bucket.s3.amazonaws.com/<file_name>

So basically, I want to set a public access to that URL. How would I do it? I tried this and it doesn't work

    bucket = s3.Bucket('ben-bucket').Object('db.sqlite')
    bucket.BucketAcl('public-read')
    print bucket_acl

The code provided. db.sqlite is one of the files inside my bucket ben-bucket The code doesn't work. I want to be able to access the following URL publicly

https://ben-bucket.s3.amazonaws.com/db.sqlite

The code I provided doesn't set the permission to public-read.

like image 744
Biplov Avatar asked Nov 10 '16 01:11

Biplov


People also ask

How do I restrict Amazon S3 bucket access to a specific IAM role?

You can use the NotPrincipal element of an IAM or S3 bucket policy to limit resource access to a specific set of users. This element allows you to block all users who are not defined in its value array, even if they have an Allow in their own IAM user policies.

How do I change permissions on S3 bucket?

Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that contains the object. In the objects list, choose the name of the object for which you want to set permissions. Choose Permissions.

How do I restrict access to a bucket to a specific IP address?

You can restrict access to objects in your bucket to specific IP address by attaching policy which contains allowed IP address range in the "Condition" statement.


1 Answers

By default, all objects in Amazon S3 are private. You can then add permissions so that people can access your objects. This can be done via:

  • Access Control List permissions on individual objects
  • A Bucket Policy that grants wide-ranging access based on path, IP address, referrer, etc
  • IAM Users and Groups that grant permissions to Users with AWS credentials
  • Pre-Signed URLs

If you wish to grant public access to your entire bucket, the simiplest option is to create a Bucket Policy like this (from Bucket Policy Examples]:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::MY-BUCKET/*"]
    }
  ]
}

If you wish to grant public access only to a sub-directory within the bucket, use:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::MY-BUCKET/PATH/*"]
    }
  ]
}

Yes, you could also set the permissions on each individual file. The code for that would be:

import boto3
s3 = boto3.resource('s3')
object = s3.Bucket('ben-bucket').Object('db.sqlite')
object.Acl().put(ACL='public-read')

Reference: Boto3 S3 access controls

like image 101
John Rotenstein Avatar answered Sep 19 '22 12:09

John Rotenstein